package org.thryft.waf.server.controllers.oauth;

import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.exceptions.OAuthException;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.oauth.OAuth20Service;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.thryft.native_.GenericUri;
import org.thryft.native_.Url;
import org.thryft.waf.api.models.ModelEntry;
import org.thryft.waf.api.services.AbstractIoException;
import org.thryft.waf.lib.logging.LoggingUtils;

/* loaded from: input_file:org/thryft/waf/server/controllers/oauth/AbstractOauthLoginController.class */
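/**
 * Servlet base class that drives an OAuth 2.0 authorization-code login.
 *
 * <p>A GET to {@code /<provider>} takes one of three paths, depending on the request parameters:
 * <ol>
 *   <li>{@code code} present: exchange it for an access token, fetch the user profile, look up or
 *       create the user, log the user in and redirect to the success or new-user URL;</li>
 *   <li>neither {@code code} nor {@code error} present: redirect the browser to the provider's
 *       authorization URL;</li>
 *   <li>{@code error} present: redirect to the failed-login URL.</li>
 * </ol>
 *
 * <p>Security notes for implementers and reviewers:
 * <ul>
 *   <li>The {@code state} parameter is taken from the request, forwarded to the provider and handed
 *       back to the URL-building hooks unchanged. Nothing in this class compares it with a
 *       session-bound value, so it does not act as a CSRF token here.</li>
 *   <li>The {@code state} and error-message arguments passed to the URL-building hooks are
 *       client-controlled. Implementations should validate and URL-encode them before placing them
 *       in a redirect target.</li>
 *   <li>The OAuth callback URL is built from the request's {@code Host} header.</li>
 * </ul>
 *
 * @param <IoExceptionT> I/O exception type of the backing service (not referenced by the visible code)
 * @param <UserEntryT> model entry type representing a user
 */
public abstract class AbstractOauthLoginController<IoExceptionT extends AbstractIoException, UserEntryT extends ModelEntry<?, ?>> extends HttpServlet {
    /** Upper bound on the number of request-body characters folded into an error message. */
    private static final int MAX_ERROR_BODY_CHARS = 4096;
    private static final Logger logger = LoggerFactory.getLogger(AbstractOauthLoginController.class);
    static final Marker LOG_MARKER = LoggingUtils.getMarker(AbstractOauthLoginController.class);

    // Keyed by provider name; doGet lower-cases the path segment before looking it up.
    private final ImmutableMap<String, Oauth2ServiceProvider> oauthServiceProviders;

    /**
     * @param oauthServiceProviders supported providers keyed by the name used in the request path; must not be null
     */
    protected AbstractOauthLoginController(final ImmutableMap<String, Oauth2ServiceProvider> oauthServiceProviders) {
        this.oauthServiceProviders = Preconditions.checkNotNull(oauthServiceProviders);
    }

    /**
     * Builds the URL the browser is redirected to after a failed login.
     *
     * @param errorMessage failure description; may be the client-supplied {@code error} parameter
     *     (plus request body text) or an exception's root-cause message, so treat it as untrusted
     * @param state the client-supplied {@code state} request parameter, possibly null
     */
    protected abstract String _getFailedLoginUrl(String errorMessage, String state);

    /**
     * Builds the URL the browser is redirected to after a newly created user has been logged in.
     *
     * @param state the client-supplied {@code state} request parameter, possibly null
     */
    protected abstract String _getNewLoginUrl(String state);

    /** Returns the path prefix that precedes the provider name in the OAuth callback URL. */
    protected abstract String _getOauthCallbackUrlPathPrefix();

    /**
     * Returns the scheme to use in the OAuth callback URL. The default is absent, in which case
     * the scheme of the incoming request URL is used.
     */
    protected Optional<String> _getOauthCallbackUrlScheme() {
        return Optional.absent();
    }

    /**
     * Builds the URL the browser is redirected to after an existing user has been logged in.
     *
     * @param state the client-supplied {@code state} request parameter, possibly null
     */
    protected abstract String _getSuccessfulLoginUrl(String state);

    /**
     * Looks up the user that corresponds to a provider profile.
     *
     * @param providerName lower-cased provider name from the request path
     * @param oauthUserProfile profile returned by the provider
     * @return the user, or absent if a new user should be created
     */
    protected abstract Optional<UserEntryT> _getUser(String providerName, OauthUserProfile oauthUserProfile) throws AbstractIoException;

    /**
     * Establishes the login session for the user. doGet handles Shiro's
     * {@link DisabledAccountException} and {@link AuthenticationException} thrown from here.
     */
    protected abstract void _login(UserEntryT user);

    /**
     * Creates a user for a provider profile that {@link #_getUser} did not find.
     *
     * @param providerName lower-cased provider name from the request path
     * @param oauthUserProfile profile returned by the provider
     */
    protected abstract UserEntryT _postUser(String providerName, OauthUserProfile oauthUserProfile) throws IOException;

    /**
     * Handles both the login kick-off and the provider's callback; see the class comment for the
     * three paths.
     *
     * @throws IOException if sending the response fails, or if the token exchange raises one
     */
    protected final void doGet(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws IOException {
        final String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null || pathInfo.length() <= 1) {
            logger.debug(LOG_MARKER, "ignoring request with invalid path '{}'", pathInfo != null ? pathInfo : "");
            httpServletResponse.sendError(404);
            return;
        }
        // Locale.ROOT keeps the map key independent of the JVM's default locale.
        final String providerName = StringUtils.stripStart(pathInfo, "/").toLowerCase(Locale.ROOT);

        final String hostHeader = httpServletRequest.getHeader("Host");
        if (hostHeader == null) {
            logger.debug(LOG_MARKER, "ignoring request with no Host header");
            httpServletResponse.sendError(400);
            return;
        }

        // Client-supplied and passed through as-is; never compared with a session-bound value here.
        final String state = httpServletRequest.getParameter("state");

        final Oauth2ServiceProvider provider = this.oauthServiceProviders.get(providerName);
        if (provider == null) {
            logger.warn(LOG_MARKER, "unsupported OAuth provider '{}'", __sanitizeForLog(providerName));
            httpServletResponse.sendError(404);
            return;
        }

        final Url requestUrl = Url.parse(httpServletRequest.getRequestURL().toString());
        // NOTE(review): the callback (redirect_uri) authority comes straight from the Host header.
        // Nothing visible here checks it against an expected host name; consider a configured
        // canonical host or an allowlist rather than relying only on the provider's own
        // redirect_uri registration check.
        final String callbackUrl = Url.parse(((String) _getOauthCallbackUrlScheme().or(requestUrl.getScheme())) + "://" + hostHeader + _getOauthCallbackUrlPathPrefix() + providerName).toString();
        logger.debug(LOG_MARKER, "HTTP request URL: {}, OAuth callback URL: {}", requestUrl, callbackUrl);

        final ServiceBuilder serviceBuilder = new ServiceBuilder().apiKey(provider.getApiKey()).apiSecret(provider.getApiSecret()).callback(callbackUrl);
        if (provider.getScope().isPresent()) {
            serviceBuilder.scope((String) provider.getScope().get());
        }
        final OAuth20Service oauthService = (OAuth20Service) serviceBuilder.build(provider);

        final String authorizationCode = httpServletRequest.getParameter("code");
        String errorMessage = httpServletRequest.getParameter("error");

        if (authorizationCode != null) {
            // Callback with an authorization code. The try blocks are nested on purpose: each
            // catch covers only the calls below it, so an IOException from the token exchange
            // still propagates to the container instead of becoming a failed-login redirect.
            try {
                final OAuth2AccessToken accessToken = (OAuth2AccessToken) Preconditions.checkNotNull(oauthService.getAccessToken(authorizationCode));
                logger.debug(LOG_MARKER, "getting user information from OAuth2 service provider '{}'", providerName);
                try {
                    final OauthUserProfile userProfile = provider.getUserProfile(oauthService, accessToken);
                    try {
                        final Optional<UserEntryT> existingUser = _getUser(providerName, userProfile);
                        final UserEntryT user;
                        // NOTE(review): the user model is written to the debug log; confirm it
                        // carries nothing that should stay out of log files.
                        if (existingUser.isPresent()) {
                            user = existingUser.get();
                            logger.debug(LOG_MARKER, "logging in existing user {}", user.getModel());
                        } else {
                            user = Preconditions.checkNotNull(_postUser(providerName, userProfile));
                            logger.debug(LOG_MARKER, "logging in new user {}", user.getModel());
                        }
                        try {
                            _login(user);
                            final String redirectUrl = existingUser.isPresent() ? _getSuccessfulLoginUrl(state) : _getNewLoginUrl(state);
                            logger.debug(LOG_MARKER, "redirecting {} to {} after successful login", user.getModel(), redirectUrl);
                            httpServletResponse.sendRedirect(redirectUrl);
                            return;
                        } catch (final DisabledAccountException e) {
                            __redirectToFailedLoginUrl("inactive", httpServletResponse, state);
                            return;
                        } catch (final AuthenticationException e) {
                            __redirectToFailedLoginUrl(e, httpServletResponse, state);
                            return;
                        }
                    } catch (final AbstractIoException e) {
                        __redirectToFailedLoginUrl(e, httpServletResponse, state);
                        return;
                    }
                } catch (final IOException | IncompleteOAuthUserProfileException e) {
                    __redirectToFailedLoginUrl(e, httpServletResponse, state);
                    return;
                }
            } catch (final OAuthException e) {
                logger.error(LOG_MARKER, "error getting OAuth access token: ", e);
                __redirectToFailedLoginUrl(e, httpServletResponse, state);
                return;
            }
        }

        if (errorMessage == null) {
            // First leg: send the browser to the provider's authorization endpoint.
            final String authorizationUrlString = oauthService.getAuthorizationUrl((Map<String, String>) null);
            try {
                Url authorizationUrl = Url.parse(authorizationUrlString);
                logger.debug(LOG_MARKER, "redirecting user to authorization URL");
                if (state != null && !state.isEmpty()) {
                    final String encodedState;
                    try {
                        // NOTE(review): "ASCII" cannot represent non-ASCII characters, so such
                        // state values will not round-trip; confirm whether UTF-8 was intended.
                        encodedState = URLEncoder.encode(state, "ASCII");
                    } catch (final UnsupportedEncodingException e) {
                        throw new IllegalStateException(e);
                    }
                    // NOTE(review): the two branches differ: one appends "&state=" to the existing
                    // query, the other sets "?state=" with a leading '?'. Confirm what
                    // GenericUri's setQuery expects.
                    if (authorizationUrl.getQuery().isPresent()) {
                        authorizationUrl = (Url) GenericUri.builder(authorizationUrl).setQuery(((String) authorizationUrl.getQuery().get()) + "&state=" + encodedState).build();
                    } else {
                        authorizationUrl = (Url) GenericUri.builder(authorizationUrl).setQuery("?state=" + encodedState).build();
                    }
                }
                httpServletResponse.sendRedirect(authorizationUrl.toString());
                return;
            } catch (final IllegalArgumentException e) {
                logger.error(LOG_MARKER, "error parsing authorization URL '{}': ", authorizationUrlString, e);
                // Keep the cause so the parse failure is visible to whoever handles this.
                throw new IllegalStateException(e);
            }
        }

        // Error callback: the provider (or any client) supplied an "error" parameter.
        if (httpServletRequest.getContentLength() > 0) {
            errorMessage = __appendRequestBody(errorMessage, httpServletRequest);
        }
        // The message is client-controlled, so line breaks are neutralised before logging.
        logger.error(LOG_MARKER, "OAuth2 error: {}", __sanitizeForLog(errorMessage));
        __redirectToFailedLoginUrl(errorMessage, httpServletResponse, state);
    }

    /**
     * Appends up to {@link #MAX_ERROR_BODY_CHARS} characters of the request body to the error
     * message, separated by {@code ":\n"}. Best effort: if the body cannot be read, the message is
     * returned unchanged.
     */
    private static String __appendRequestBody(final String errorMessage, final HttpServletRequest httpServletRequest) {
        String result = errorMessage;
        try (BufferedReader reader = httpServletRequest.getReader()) {
            final StringBuilder body = new StringBuilder();
            final char[] buffer = new char[128];
            // Bounded read: this endpoint is reachable before login, so the body is not trusted
            // to be small.
            while (body.length() < MAX_ERROR_BODY_CHARS) {
                final int read = reader.read(buffer, 0, Math.min(buffer.length, MAX_ERROR_BODY_CHARS - body.length()));
                if (read <= 0) {
                    break;
                }
                body.append(buffer, 0, read);
            }
            result = errorMessage + ":\n" + body;
        } catch (final IOException ignored) {
            // The body only adds detail to the error message; failing to read it is not fatal.
        }
        return result;
    }

    /** Replaces CR and LF so that a client-supplied value cannot start a new log line. */
    private static String __sanitizeForLog(final String value) {
        return StringUtils.replaceChars(value, "\r\n", "__");
    }

    /**
     * Redirects to the failed-login URL using the exception's root-cause message.
     * NOTE(review): that message ends up in a browser-visible URL; confirm it cannot expose
     * internal detail.
     */
    private void __redirectToFailedLoginUrl(final Exception exception, final HttpServletResponse httpServletResponse, final String state) throws IOException {
        __redirectToFailedLoginUrl(ExceptionUtils.getRootCauseMessage(exception), httpServletResponse, state);
    }

    /** Redirects to the URL that {@link #_getFailedLoginUrl} builds for the message and state. */
    private void __redirectToFailedLoginUrl(final String errorMessage, final HttpServletResponse httpServletResponse, final String state) throws IOException {
        final String failedLoginUrl = _getFailedLoginUrl(errorMessage, state);
        logger.debug(LOG_MARKER, "redirecting user to {} after failed login", failedLoginUrl);
        httpServletResponse.sendRedirect(failedLoginUrl);
    }
}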
